CWE-89

High likelihood

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Parent: CWE-943 - Improper Neutralization of Special Elements in Data Query Logic

The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

19,655 vulnerabilities with CWE-89
CVE-2024-10805 MEDIUM
University Event Management System 1.0 - SQL Injection via doedit.php id Parameter
CVSS 6.3
CVE-2024-10791 HIGH
Codezips Hospital Appointment System 1.0 - SQL Injection via Name Parameter in doctorAction.php
CVSS 7.3
CVE-2024-51327 CRITICAL
ProjectWorlds Travel Management System 1.0 - SQL Injection Authentication Bypass via Login Form
CVSS 9.8
CVE-2024-51326 HIGH
projectworlds Travel Management System 1.0 - SQL Injection via deletesubcategory.php t2 Parameter
CVSS 7.5
CVE-2024-51626 HIGH
Mansur Ahamed Woocommerce Quote Calculator <1.1 - SQL Injection
CVSS 8.5
CVE-2024-51672 HIGH
WPDeveloper BetterLinks <2.1.7 - SQL Injection
CVSS 7.6
CVE-2024-36485 HIGH
Zohocorp ManageEngine ADAudit Plus <8121 - SQL Injection
CVSS 8.3
CVE-2024-48878 HIGH
ManageEngine ADManager Plus <= 7241 - SQL Injection in Archived Audit Report
CVSS 8.3
CVE-2024-10760 MEDIUM
University Event Management System 1.0 - SQL Injection via /dodelete.php id Parameter
CVSS 6.3
CVE-2024-10759 MEDIUM
Farm Management System 1.0 - SQL Injection via pigno Parameter
CVSS 6.3
CVE-2024-10758 HIGH
code-projects/anirbandutta9 Content Management System and News-Buzz 1.0 - SQL Injection via user_name Parameter
CVSS 7.3
CVE-2024-10752 HIGH
Codezips Pet Shop Management System 1.0 - SQL Injection via /productsadd.php id/name Parameter
CVSS 7.3
CVE-2024-10751 MEDIUM
Codezips ISP Management System 1.0 - SQL Injection via pay.php Customer Parameter
CVSS 6.3
CVE-2024-10742 MEDIUM
Wazifa System 1.0 - SQL Injection via control.php 'to' Parameter
CVSS 6.3
CVE-2024-10741 HIGH
E-Health Care System 1.0 - SQL Injection via f_name Parameter
CVSS 7.3
CVE-2024-10740 MEDIUM
E-Health Care System <= 1.0 - SQL Injection via consulting_id Parameter
CVSS 6.3
CVE-2024-10739 HIGH
E-Health Care System 1.0 - SQL Injection via Admin Login Parameters
CVSS 7.3
CVE-2024-10738 MEDIUM
Farm Management System 1.0 - SQL Injection via manage-breed.php breed Parameter
CVSS 6.3
CVE-2024-10737 HIGH
Codezips Free Exam Hall Seating Management System 1.0 - SQL Injection via email Parameter in teacher.php
CVSS 7.3
CVE-2024-10736 HIGH
Free Exam Hall Seating Management System 1.0 - SQL Injection via email Parameter in student.php
CVSS 7.3
CVE-2024-10735 MEDIUM
Project Worlds Life Insurance Management System 1.0 - SQL Injection via /editNominee.php nominee_id Parameter
CVSS 6.3
CVE-2024-10734 MEDIUM
Project Worlds Life Insurance Management System 1.0 - SQL Injection via recipt_no Parameter in editPayment.php
CVSS 6.3
CVE-2024-10733 HIGH
Restaurant Order System 1.0 - SQL Injection via /login.php uid Parameter
CVSS 7.3
CVE-2024-10732 MEDIUM
Tongda OA 2017-11.10 - SQL Injection via /module/word_model/view/index.php query_str Parameter
CVSS 6.3
CVE-2024-10731 MEDIUM
Tongda OA < 11.10 - SQL Injection via ID Parameter in check_seal.php
CVSS 6.3